SEC-1254: LogoutBeanDefinitionParser cannot leave 'logoutSuccessUrl' empty #1505

spring-issuemaster opened this Issue Sep 29, 2009 · 3 comments


zhouyanming (Migrated from SEC-1254) said:

I have patched LogoutFilter before to use request.getHeader('Referer') for logoutSuccessUrl: http://jira.springframework.org/browse/SEC-491
It needs logoutSuccessUrl to be empty to use such a feature.

Please remove DEF_LOGOUT_SUCCESS_URL in LogoutBeanDefinitionParser and leave it to LogoutFilter; LogoutFilter has the default value "/".

Luke Taylor said:

The behaviour you describe no longer applies in the 3.0 codebase. The location is determined by the LogoutSuccessHandler. If you want to use the referer, remove the element from the namespace and add a LogoutFilter which has a SimpleUrlLogoutSuccessHandler with the "referer" property set to "true".

Luke Taylor said:

Changing type and module. Not a bug - more a limitation of the namespace, which doesn't support use of the referer as the destination.

Luke Taylor said:

I've added SEC-1291, to allow customization of the logout success handler, so you will be able to inject the required behaviour.

@spring-issuemaster spring-issuemaster added this to the 3.0.0.RC2 milestone Feb 5, 2016
